package com.xiaren.crsftest;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

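/**
 * Demo servlet for exercising a CSRF (cross-site request forgery) scenario. Test steps:
 * <pre>
 * 		Visit http://localhost:8081/WebTest/csrfTest/trust.jsp
 * </pre>
 *
 * <p>The {@code operate} request parameter selects the action:
 * <ul>
 *   <li>{@code login} stores the submitted {@code username} in the HTTP session and
 *       redirects to {@code csrfTest/trust.jsp};</li>
 *   <li>{@code add} is the state-changing action, allowed only when the session
 *       holds a {@code username}.</li>
 * </ul>
 *
 * <p>Security note: the only check on {@code add} is the session attribute. This class
 * validates no anti-CSRF token and inspects no {@code Origin}/{@code Referer} header, so
 * any request that carries the session cookie is accepted. That is presumably deliberate
 * for the test. Real handlers should require a per-session token submitted with the form
 * and set {@code SameSite} on the session cookie.
 */
@WebServlet("/CrsfTestServlet")
public class CrsfTestServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;

	/**
	 * Dispatches on the {@code operate} parameter; any other value produces no output.
	 *
	 * @param request  the incoming POST; reads {@code operate} and, for login, {@code username}
	 * @param response redirected after login, or written to when {@code add} is rejected
	 * @throws ServletException declared by the servlet contract; not thrown directly here
	 * @throws IOException if the redirect or the response writer fails
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String operate = request.getParameter("operate");
		if ("login".equals(operate)) {
			// NOTE(review): no credential is verified, and the session id is not rotated
			// after login (session fixation). Acceptable only for a local demo.
			String username = request.getParameter("username");
			request.getSession().setAttribute("username", username);
			response.sendRedirect("csrfTest/trust.jsp");
		} else if ("add".equals(operate)) {
			// Fix: the original test was inverted. It sent the "not logged in" message
			// to logged-in users and silently accepted anonymous ones.
			if (request.getSession().getAttribute("username") == null) {
				// Declare the charset before getWriter(); the servlet default (ISO-8859-1)
				// cannot encode the message. text/plain keeps it from being parsed as HTML.
				response.setContentType("text/plain;charset=UTF-8");
				response.getWriter().println("未登录");
			} else {
				// Authenticated: the "add" operation would run here (the source leaves it
				// unimplemented). A real handler should first compare a request-supplied
				// CSRF token with one stored in the session.
			}
		}
	}

}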
